/*
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */
package com.demo.controller;

import com.demo.exception.RestException;
import com.demo.model.Account;
import com.demo.service.AccountService;
import java.io.IOException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 *
 * @author student
 */
@Controller
public class SecurityController {
    
    @Autowired
	protected HttpServletRequest httpServletRequest;
    
    @Autowired
        AccountService accountService;
        	
    public static boolean isAjax(HttpServletRequest request) {
        return "XMLHttpRequest".equals(request.getHeader("X-Requested-With"));
    }
    
		@RequestMapping(value = "security_error.htm", method = RequestMethod.GET)
	public ModelAndView errorHandler(
                HttpServletRequest req,
                HttpServletResponse res) {
                    
            ModelAndView mav;
            if (isAjax(req)) {      
                mav = new ModelAndView("jsonView");

                mav.addObject("error", "access_denied");
                mav.addObject("res", false);
            } else {
                mav = new ModelAndView("login");
            }

            return mav;
	}
        
        @RequestMapping("login.htm")
	public ModelAndView loginHandler(
		HttpServletResponse httpServletResponse,
		@RequestParam(value = "email", required = true) String email,
		@RequestParam(value = "password", required = true) String password) throws IOException {
		Account account = new Account();
        
        ModelAndView mav = new ModelAndView("jsonView");
            
        try {
            account = accountService.getAccountByLogin(email);
			if (null == account) {
                throw new RestException("Login not correct");
            }
            //String salt = cryptService.getSalt(account.getPassword());
            //String encryptedPassword = cryptService.cryptPassword(password, salt);
            String encryptedPassword = password;
            String accountPassword = account.getPassword();
            if (!accountPassword.equals(encryptedPassword)) {
                throw new RestException("Password not correct");
            }
            accountService.setAuthentication(
                account.getEmail(),
                account.getPassword(),
                account.getAuthorities());

            //httpServletResponse.sendRedirect(httpServletRequest.getContextPath());
			
			mav.addObject("res", true);

        } catch (RestException ex) {
            mav.addObject("error", ex.getMessage());
            mav.addObject("res", false);
        }
        return mav;
            
            
		

	}
	                    
        
}
